Cloud-native autonomous endpoint management vendor Automox has signed the secure-by-design pledge implemented by the US Government’s Cybersecurity and Infrastructure Security Agency (CISA).
Jason Kikta, chief information security officer (CISO) and senior vice-president (SVP) of product at Automox, said the company had been a fan of the CISA Secure By Design initiative since the latter’s 2023 launch.
“It has long been incorporated into our security programme as well as in our community advocacy,” Kikta said in the announcement. “It was so easy to commit to something already baked into our security culture.”
Secure By Design principles aim to promote “durable changes” in modern computing that make the cloud safer for users. The pledge would help vendors earn confidence, demonstrating that they have their customers’ best interests at heart, Kikta said.
CISA’s view was that the cybersecurity burden had often been placed disproportionately on the shoulders of customers.
“Every technology provider must take ownership at the executive level to ensure their products are secure by design,” it said on its website.
“Today’s diverse blend of on-premise, hybrid, and cloud architectures has led to a shift in exploitation trade craft. Malicious actors benefit from too many vendors using cloud services as a way to obfuscate vulnerabilities,” noted Kikta.
Kikta said “those same vendors” had often sought to maximise revenue by turning security imperatives like multi-factor authentication (MFA) and logs into “profit centres”.
“The Secure by Design Pledge gives the market an objective mechanism to determine which vendors are acting as responsible partners,” he added.
“The challenge for any security programme is to achieve internal and external confidence. By setting consistent and objective standards, CISA’s Secure by Design pledge defines the fundamentals vendors should deliver.”
Read about the UK Government’s secure-by-design approach here.
Automox, which provides an automation platform for endpoint management, also had certifications including TX-RAMP Level 2, SOC 2, SOC 3, CSA STAR, GDPR, EU-US DPF, and PCI-DSS, the vendor said.
( Photo by Shamin Haky on Unsplash )
